cvelistv5 - CVE-2023-5058

CVE-2023-5058 (GCVE-0-2023-5058)

Vulnerability from cvelistv5

Published

2023-12-07 22:29

Modified

2025-07-28 20:50

Severity ?

CWE

CWE-20 - Improper Input Validation

Summary

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.

References

URL

	Vendor	Product	Version
	Phoenix	SecureCore™ Technology™ 4	Version: 4.0

WID-SEC-W-2023-3068

Vulnerability from csaf_certbund

Published

2023-12-06 23:00

Modified

2024-12-16 23:00

Summary

UEFI BIOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das BIOS ist die Firmware bei IBM PC kompatiblen Computern. InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nInsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3068 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3068.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3068 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3068"
      },
      {
        "category": "external",
        "summary": "Binarly Research \"LogoFAIL\" vom 2023-12-06",
        "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
      },
      {
        "category": "external",
        "summary": "CERT Coordination Center Vulnerability Note VU#811862 vom 2023-12-06",
        "url": "https://www.kb.cert.org/vuls/id/811862"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory 2023053 vom 2023-12-06",
        "url": "https://www.insyde.com/security-pledge/SA-2023053"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-145284 vom 2023-12-06",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-145284"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-87fm-wcxm-mcmx vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-87fm-wcxm-mcmx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xhch-7j88-pg68 vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-xhch-7j88-pg68"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03950 vom 2024-06-07",
        "url": "https://support.hp.com/us-en/document/ish_10832513-10832541-16/HPSBHF03950"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
        "url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "UEFI BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-17T09:15:56.679+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-3068",
      "initial_release_date": "2023-12-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.1",
                "product": {
                  "name": "Dell PowerScale \u003c12.4.1",
                  "product_id": "T039868"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.1",
                "product": {
                  "name": "Dell PowerScale 12.4.1",
                  "product_id": "T039868-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T031292",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "kernel 5.2 \u003cVersion 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 \u003cVersion 05.28.47",
                  "product_id": "T031495"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.2 Version 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 Version 05.28.47",
                  "product_id": "T031495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.2_version_05.28.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.3 \u003cVersion 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 \u003cVersion 05.37.47",
                  "product_id": "T031496"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.3 Version 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 Version 05.37.47",
                  "product_id": "T031496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.3_version_05.37.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.4 \u003cVersion 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 \u003cVersion 05.45.47",
                  "product_id": "T031497"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.4 Version 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 Version 05.45.47",
                  "product_id": "T031497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.4_version_05.45.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.5 \u003cVersion 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 \u003cVersion 05.53.47",
                  "product_id": "T031498"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.5 Version 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 Version 05.53.47",
                  "product_id": "T031498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.5_version_05.53.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.6 \u003cVersion 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 \u003cVersion 05.60.47",
                  "product_id": "T031499"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.6 Version 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 Version 05.60.47",
                  "product_id": "T031499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.6_version_05.60.47"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UEFI Firmware"
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39538",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39538"
    },
    {
      "cve": "CVE-2023-39539",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39539"
    },
    {
      "cve": "CVE-2023-40238",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-40238"
    },
    {
      "cve": "CVE-2023-5058",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-5058"
    }
  ]
}

wid-sec-w-2023-3068

Vulnerability from csaf_certbund

Published

2023-12-06 23:00

Modified

2024-12-16 23:00

Summary

UEFI BIOS: Mehrere Schwachstellen

Notes

Produktbeschreibung

Das BIOS ist die Firmware bei IBM PC kompatiblen Computern. InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.

Angriff

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nInsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3068 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3068.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3068 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3068"
      },
      {
        "category": "external",
        "summary": "Binarly Research \"LogoFAIL\" vom 2023-12-06",
        "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
      },
      {
        "category": "external",
        "summary": "CERT Coordination Center Vulnerability Note VU#811862 vom 2023-12-06",
        "url": "https://www.kb.cert.org/vuls/id/811862"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory 2023053 vom 2023-12-06",
        "url": "https://www.insyde.com/security-pledge/SA-2023053"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-145284 vom 2023-12-06",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-145284"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-87fm-wcxm-mcmx vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-87fm-wcxm-mcmx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xhch-7j88-pg68 vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-xhch-7j88-pg68"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03950 vom 2024-06-07",
        "url": "https://support.hp.com/us-en/document/ish_10832513-10832541-16/HPSBHF03950"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
        "url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "UEFI BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-17T09:15:56.679+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-3068",
      "initial_release_date": "2023-12-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.1",
                "product": {
                  "name": "Dell PowerScale \u003c12.4.1",
                  "product_id": "T039868"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.1",
                "product": {
                  "name": "Dell PowerScale 12.4.1",
                  "product_id": "T039868-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T031292",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "kernel 5.2 \u003cVersion 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 \u003cVersion 05.28.47",
                  "product_id": "T031495"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.2 Version 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 Version 05.28.47",
                  "product_id": "T031495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.2_version_05.28.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.3 \u003cVersion 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 \u003cVersion 05.37.47",
                  "product_id": "T031496"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.3 Version 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 Version 05.37.47",
                  "product_id": "T031496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.3_version_05.37.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.4 \u003cVersion 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 \u003cVersion 05.45.47",
                  "product_id": "T031497"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.4 Version 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 Version 05.45.47",
                  "product_id": "T031497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.4_version_05.45.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.5 \u003cVersion 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 \u003cVersion 05.53.47",
                  "product_id": "T031498"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.5 Version 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 Version 05.53.47",
                  "product_id": "T031498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.5_version_05.53.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.6 \u003cVersion 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 \u003cVersion 05.60.47",
                  "product_id": "T031499"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.6 Version 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 Version 05.60.47",
                  "product_id": "T031499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.6_version_05.60.47"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UEFI Firmware"
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39538",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39538"
    },
    {
      "cve": "CVE-2023-39539",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39539"
    },
    {
      "cve": "CVE-2023-40238",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-40238"
    },
    {
      "cve": "CVE-2023-5058",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-5058"
    }
  ]
}

fkie_cve-2023-5058

Vulnerability from fkie_nvd

Published

2023-12-07 23:15

Modified

2025-09-25 21:17

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de	https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/	Vendor Advisory
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de	https://www.kb.cert.org/vuls/id/811862	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/811862	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.phoenix.com/security-notifications/	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.phoenix.com/security-notifications/cve-2023-5058/	Not Applicable

Impacted products

	Vendor	Product	Version
	phoenixtech	securecore_technology	4.*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixtech:securecore_technology:4.*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFBB3510-AFF0-4C04-BB87-5ACD5E41B752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2023-5058",
  "lastModified": "2025-09-25T21:17:13.403",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-07T23:15:07.490",
  "references": [
    {
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
    },
    {
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.phoenix.com/security-notifications/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
    }
  ],
  "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mpmx-6xxg-22w6

Vulnerability from github

Published

2023-12-08 00:30

Modified

2025-07-28 21:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-5058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-07T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution.",
  "id": "GHSA-mpmx-6xxg-22w6",
  "modified": "2025-07-28T21:31:30Z",
  "published": "2023-12-08T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5058"
    },
    {
      "type": "WEB",
      "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "type": "WEB",
      "url": "https://www.phoenix.com/security-notifications"
    },
    {
      "type": "WEB",
      "url": "https://www.phoenix.com/security-notifications/cve-2023-5058"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-5058

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-5058

Aliases

CVE-2023-5058

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5058",
    "id": "GSD-2023-5058"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5058"
      ],
      "details": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution.",
      "id": "GSD-2023-5058",
      "modified": "2023-12-13T01:20:50.729015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-5058",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SecureCore\u2122 Technology\u2122 4",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "4.0"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Phoenix"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.phoenix.com/security-notifications/",
            "refsource": "MISC",
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "name": "https://www.phoenix.com/security-notifications/cve-2023-5058/",
            "refsource": "MISC",
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/811862",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/811862"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:phoenix:securecore_technology:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D90CF945-7DC0-4E4A-9B87-FFC9B4C549C5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
          },
          {
            "lang": "es",
            "value": "La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario."
          }
        ],
        "id": "CVE-2023-5058",
        "lastModified": "2023-12-16T01:15:08.080",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-07T23:15:07.490",
        "references": [
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "url": "https://www.kb.cert.org/vuls/id/811862"
          },
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          }
        ],
        "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-5058 (GCVE-0-2023-5058)

Vulnerability from cvelistv5

WID-SEC-W-2023-3068

Vulnerability from csaf_certbund

wid-sec-w-2023-3068

Vulnerability from csaf_certbund

fkie_cve-2023-5058

Vulnerability from fkie_nvd

ghsa-mpmx-6xxg-22w6

Vulnerability from github

gsd-2023-5058

Vulnerability from gsd

Tags

Sightings

Nomenclature